XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML data...
9.1CVSS
8.8AI Score
0.008EPSS
A cleverly devised username might bypass LDAP authentication checks. InLDAP-authenticated Derby installations, this could let an attacker fillup the disk by creating junk Derby databases. In LDAP-authenticatedDerby installations, this could also allow the attacker to executemalware which was visibl...
9.8CVSS
9.6AI Score
0.002EPSS